
Krb5Login Module not in list

Former Member
0 Kudos

Hi,

I am trying to configure Kerberos Authentication on the portal (EP 6 SP15) for SSO.

According to the SAP documentation

"Configuring Login Module Stacks for Kerberos Authentication"

(http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/frameset.htm) step 4, I have to create a login module stack and add the login modules KrbLoginModule and MappingModule to this stack.

However, these modules are not in the list of available Login Modules.

Does anyone know how to add these modules to the list?

Thanx,

Twan Janssen

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hello Janssen,

I'm also trying to do the same. You can also add these 2 Login Modules yourself, and they will then be in the list. Do the following:

1. Log in to VA

2. Go to Security Provider service

3. User Management -> Manage Security Stores

4. Add Login Module (so here you have to add those 2 Login Modules)

I'm also trying to do this, so better be in touch; I think there are a lot of things that we have to do.

Please reward points for this.

Regards

Vaib

Former Member
0 Kudos

Hello Janssen,

Could you please let me know how you created the keytab file on the KDC?

Vaib

Former Member
0 Kudos

Hi Vaib,

Do you know the class names of these two Login Modules (Krb5LoginModule and MappingModule)? These are required to add the modules.

Regards,

Twan

Former Member
0 Kudos

Hi Vaib,

Procedure to create a keytab file:

Create a service user in AD.

Log in to the ADS server.

On the command line type:

ktpass -princ host/<j2ee server host name>@<domain name> -pass <service_user_password> -out <keytab_file_name> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

followed by:

ktpass -princ HTTP/<j2ee server host name>@<domain name> -pass <service_user_password> -out <keytab_file_name> -in <keytab_file_name> -mapUser <service_username> +DesOnly /crypto DES-CBC-MD5 /ptype KRB5_NT_PRINCIPAL

Fill in your J2EE host and domain name and the user ID and password of the service user.

Regards,

Twan

Former Member
0 Kudos

Thanks, Janssen, for the instructions on the keytab.

I think for the class names of the Login Modules:

Krb5LoginModule & MappingModule

You need to create an OSS, as it's not mentioned anywhere in the documentation. Or you may try to give the Login Module name as the class name and see.

Please update me also, as I'm also doing the same thing.

Regards

Vaib

Former Member
0 Kudos

Hi Vaib,

The class names are:

com.sun.security.auth.module.Krb5LoginModule

com.sap.spnegoauth.jaas.MappingModule

Regards,

Twan

yonko_yonchev
Active Participant
0 Kudos

Hello everyone,

The correct class name for MappingModule is

com.sap.security.core.server.jaas.SPNegoMappingLoginModule

With this classpath you do not need to deploy spnegoauth.sda on the J2EE Engine to get SPNego up and running. You only need to register the Krb5LoginModule and the MappingModule in the Visual Administrator of the J2EE Engine.

Best Regards,

Yonko